Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed
in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and
access to the full text.
On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely
map of contemporary research in cryptology.
All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.

AbstractAny cryptographic functionality, such as encryption or authentication, must be implemented in the real world before it can be put to practical use. This implementation typically takes the form of either a software implementation for a general-purpose device such as a personal computer, or as a dedicated secure hardware device, whose main purpose is to embody the cryptographic functionality. Examples of such secure hardware devices include smart cards, car alarm key fobs and computerized ballots. To evaluate the security of a cryptographic system, researchers look for flaws which allow an attacker to break the security assumptions of the system (for example, allowing an unauthorized party to view or modify a message intended for someone else). Physical attacks (also called implementation attacks) compromise the system by taking advantage of the physical aspects of the algorithm's implementation. Some physical attacks (such as, for example, power analysis) recover the secret key used by the secure device by analyzing physical effects produced during its use; Others (such as, for example, relay attacks) disable or otherwise limit its secure behaviour by exploiting design or implementation flaws or by changing the underlying assumptions made by the designers of the system.
This research focuses on physical attacks on secure hardware devices and on countermeasures which protect against these attacks. My goals were to investigate vulnerabilities in current secure hardware implementations and to evaluate the effectiveness of current and proposed countermeasures against these vulnerabilities. The two main tracks of my research are side-channel analysis (and explicitly power analysis) and secure RFID.
In the side-channel analysis track, I investigated ways of reducing the data requirements of power analysis attacks. We showed how to mount key recovery attacks on a secure device using an extremely low amount of measurement data. The main novelty of our attack was the use of a pseudo-Boolean optimizer -- a powerful general-purpose constraint solving tool -- to quickly and efficiently explore the huge space of possible solutions and find the correct one.
In the secure RFID track, I researched physical attacks on near-field RFID systems, specifically in relation to the proposed Israeli electronic voting scheme. The electronic characteristics of near-field RFID systems require a very short distance between the tag and the reader (typically less than 10cm) for the tag to operate. This leads to the (mistaken) implicit assumption that whenever a reader can communicate with a tag one can assume that the tag is physically very close to the reader. As described in [kfir-wool], relay attacks challenge this underlying assumption and allow a nearly unlimited distance between tag and reader. We describe how relay attacks and other lower-cost attacks can be used to target the reliability, anonymity and trustworthiness of the proposed electronic voting scheme, and what countermeasures can be considered to protect against these attacks.
The results described in this dissertation show how important it is to consider not only the algorithmic component of security, but also the physical aspects of building and breaking secure systems.